System, apparatus, and method for allowing a program to cache user information

ABSTRACT

An information processing system includes a first storage that stores user information about one or more users of the information processing system; a second storage; a first determining unit that determines, depending on whether a program sets the second storage to store predetermined user information from the user information stored in the first storage, the predetermined user information being used in the program, whether to store the predetermined user information in the second storage; and a user information process unit that obtains the predetermined user information from the user information and stores the predetermined user information in the second storage if the first determining unit determines that the predetermined user information is to be stored in the second storage.

TECHNICAL FIELD

The present invention relates to an information processing system, animage processing apparatus, an information processing method, and arecording medium.

BACKGROUND ART

When a composite device such as a Multi Function Peripheral (MFP) isused, a process to authenticate a user is performed. For example, whenthe user holds an IC card over the composite device, the compositedevice reads identification information about the user (hereafter “useridentification information”) stored in the IC card, and the useridentification information is transmitted to an externally disposedauthentication server. The authentication server authenticates the userby comparing the user identification information transmitted by thecomposite device with information about the user (hereafter “userinformation”) managed by the authentication server, the user using thecomposite device.

Further, if authentication is successful, relevant user informationabout the user who has been successfully authenticated is obtained fromthe authentication server and cached in the composite device.

With respect to the composite device, there is a technique of speedingup an authentication process upon the use of the composite device bycausing the composite device that the user may use to cacheauthentication information (see Patent Document 1, for example).

CITATION LIST Patent Literature

-   PTL 1: Japanese Laid-Open Patent Publication No. 2010-277557

SUMMARY OF INVENTION Technical Problem

It is assumed that software vendors are asked to create a program suchas an authentication application. For example, the software vendors mayuse a Software Development Kit (SDK) to create a program such as anauthentication application.

In many cases, an authentication processing procedure executed by acreated authentication application will be different depending on thesoftware vendors. For example, if an authentication application createdby a software vendor that prioritizes speed of an authentication processis executed, information necessary for authentication may be cached. Bycontrast, if an authentication application created by a software vendorthat prioritizes security is executed, information necessary forauthentication may not be cached.

In this manner, an authentication processing procedure executed by acreated authentication application will be different depending on thesoftware vendors.

Accordingly, it is a general object of the present invention to allow aprogram to select whether to cache information about a process.

Solution to Problem

In an embodiment of the present invention, an information processingsystem is provided. The information processing system includes a firststorage that stores user information about one or more users of theinformation processing system; a second storage; a first determiningunit that determines, depending on whether a program sets the secondstorage to store predetermined user information from the userinformation stored in the first storage, the predetermined userinformation being used in the program, whether to store thepredetermined user information in the second storage; and a userinformation process unit that obtains the predetermined user informationfrom the user information and stores the predetermined user informationin the second storage if the first determining unit determines that thepredetermined user information is to be stored in the second storage.

Advantageous Effects of Invention

According to an embodiment of the present invention, it is possible toallow a program to select whether to cache information about a process.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram showing an information processing system accordingto an embodiment.

FIG. 2 is a diagram showing a hardware configuration of a compositedevice according to an embodiment.

FIG. 3 is a diagram showing a software configuration of a compositedevice according to an embodiment.

FIG. 4 is a functional block diagram of a composite device according toan embodiment.

FIG. 5 is a diagram showing a user information table.

FIG. 6 is a diagram showing a cached user information table.

FIG. 7 is a diagram showing a logged in user information table.

FIG. 8 is a sequence diagram showing an operation (1) of a compositedevice according to an embodiment.

FIG. 9 is a sequence diagram showing an operation (2) of a compositedevice according to an embodiment.

FIG. 10 is a sequence diagram showing an operation (3) of a compositedevice according to an embodiment.

FIG. 11 is a sequence diagram showing an operation (4) of a compositedevice according to an embodiment.

FIG. 12 is a sequence diagram showing an operation (5) of a compositedevice according to an embodiment.

FIG. 13 is a sequence diagram showing an operation (6) of a compositedevice according to an embodiment.

FIG. 14 is a sequence diagram showing an operation (7) of a compositedevice according to an embodiment.

FIG. 15 is a sequence diagram showing an operation (8) of a compositedevice according to an embodiment.

FIG. 16 is a sequence diagram showing an operation (9) of a compositedevice according to an embodiment.

FIG. 17 is a diagram showing a functional configuration of aninformation processing system according to a third embodiment.

FIG. 18 is a sequence diagram (1) of a user authentication processaccording to the third embodiment.

FIG. 19 is a sequence diagram (2) of a user authentication processaccording to the third embodiment.

FIG. 20 is a sequence diagram (3) of a user authentication processaccording to the third embodiment.

DESCRIPTION OF EMBODIMENTS

In the following, an embodiment of the present invention is describedbased on examples below with reference to drawings. The examples areused only for illustrative purposes and embodiments of the presentinvention are not limited to the following examples.

In addition, in all the drawings to describe the examples, the samereference numerals are given to elements with the same functions so thata repetition of descriptions may be omitted.

<Information Processing System>

FIG. 1 is a diagram showing an information processing system accordingto the present embodiment.

The information processing system includes a composite device 100 and anIC card 300. Examples of the composite device 100 include a printer, ascanner, a copying machine, a facsimile machine, and a Multi FunctionPeripheral (MFP) having these functions. Further, it is possible toapply the composite device 100 to an image processing apparatus such asa projector and an electronic whiteboard device having image formingfunctions such as projection and display as well as printing.

The composite device 100 and an authentication server 400 areinterconnected via a network 30. While the network 30 is not limited inparticular, the network 30 may be configured with a Local Area Network(LAN) based on a transaction protocol such as Ethernet (registeredtrademark) or Transmission Control Protocol/Internet Protocol (TCP/IP),a Virtual Private Network (VPN), or a Wide Area Network (WAN) connectedusing a dedicated line.

The IC card 300 supports short-range wireless communication such as NFCand communicates with the composite device 100. The IC card 300 has abuilt-in IC chip that stores information. In addition to the IC card300, an IC tag may be used as long as short-range wireless communicationis supported.

When the composite device 100 performs short-range wirelesscommunication with the IC card 300, the composite device 100 receivesdata such as user identification information transmitted by the IC card300. The composite device 100 processes data transmitted by the IC card300 by executing a program such as an authentication application.Specifically, when the IC card 300 is held over the composite device100, the composite device 100 can read the user identificationinformation stored in the IC card 300. The composite device 100 sends arequest for authentication to the authentication server 400 bytransmitting the user authentication information to the authenticationserver 400.

Based on the user authentication information transmitted by thecomposite device 100, the authentication server 400 authenticates a usercarrying the IC card 300. The authentication server 400 can perform theauthentication by searching registered user information for the userauthentication information. The authentication server 400 reportswhether the authentication is successful to the composite device 100.

Based on the report of whether the authentication is successful sent bythe authentication server 400, the composite device 100 can perform oneof functions of a printer, a scanner, a copying machine, and a facsimilemachine if the authentication is successful. Further, if theauthentication is successful, the composite device 100 can cache userinformation about the user that has been successfully authenticated.

<Hardware Configuration of Composite Device 100>

FIG. 2 is a diagram showing a hardware configuration of the compositedevice 100. The composite device 100 includes a main body (executionunit) 10 and an operation unit 20 that receives a user operation. Themain body 10 performs various functions (image processing) such as aprinter function, a scanner function, a copying machine function, and afacsimile machine function. The main body 10 and the operation unit 20may be integrated and implemented as the composite device 100 or may beimplemented as separate devices. In addition, the reception of a useroperation is a concept involving reception of information (such as asignal indicating a coordinate value set on a screen) input depending onthe user operation. The main body 10 and the operation unit 20 arecommunicatively connected to each other via a dedicated communicationpath 32. For the communication path 32, while an element compliant witha standard such as Universal Serial Bus (USB) may be used, an elementcompliant with any standard may also be used regardless of whether it iswired or wireless.

Further, the main body 10 can perform an action depending an operationreceived by the operation unit 20. The main body 10 can communicate withan external device such as a client Personal Computer (PC) and performan action in response to an instruction received from the externaldevice.

First, a hardware configuration of the main body 10 is described. Asshown in FIG. 2, the main body 10 includes a CPU 11, a ROM 12, a RAM 13,a Hard Disk Drive (HDD) 14, a communication Interface (I/F) 15, aconnection I/F 16, and an engine unit 17, all being interconnected via asystem bus 18.

The CPU 11 comprehensively controls operations of the main body 10. TheCPU 11 controls entire operations of the main body 10 by executing aprogram for the main body 10 stored in the ROM 12 or the HDD 14 whileusing the RAM 13 as a work area and implements various functionsincluding the printer function, the scanner function, the copyingmachine function, and the facsimile machine function as mentioned above.

The communication I/F 15 is an interface for connecting to the network30. The connection I/F 16 is an interface for communicating with theoperation unit 20 via the communication path 32.

The engine unit 17 is hardware to perform a process to implement theprinter function, the scanner function, the copying machine function,and the facsimile machine function other than a typical informationprocess or communication. For example, the engine unit 17 includes ascanner (image reading unit) that reads an image on a manuscript byscanning the image, a plotter (image forming unit) that performsprinting on a sheet of material such as paper, and a facsimile unit thatperforms facsimile communication. Further, the engine unit 17 may alsoinclude a specific option such as a finisher that sorts printed sheetsand an Automatic Document Feeder (ADF) that automatically feeds paper.

In the following, a hardware configuration of the operation unit 20 isdescribed. As shown in FIG. 2, the operation unit 20 includes a CPU 21,a ROM 22, a RAM 23, a flash memory 24, a communication I/F 25, aconnection I/F 26, an operation panel 27, an external connection I/F 28,and a card reader/writer 31 interconnected via a system bus 29.

The CPU 21 comprehensively controls operations of the operation unit 20.The CPU 21 controls entire operations of the operation unit 20 byexecuting a program for the operation unit 20 stored in the ROM 22 orthe flash memory 24 while using the RAM 23 as a work area and implementsvarious functions such as display of information (image) in response toan input received from a user.

The communication I/F 25 is an interface for connecting to the network30. The connection I/F 26 is an interface for communicating with themain body 10 via the communication path 32.

The operation panel 27 receives various inputs depending on a useroperation and displays various types of information (such as informationdepending on a received operation, information indicating an operationstatus of the composite device 100, and information indicating a settingstatus). In this example, although the operation panel 27 is configuredwith a Liquid Crystal Display (LCD) device having a touch panelfunction, the operation panel 27 is not limited to this. For example,the operation panel 27 may be configured with an organic ElectroLuminescence (EL) display device having a touch panel function, forexample. Further, in addition to or instead of this, it is possible todispose an operation unit with hardware keys or a display unit withlamps.

The external connection I/F 28 is an interface for connecting to anexternal device.

The card reader/writer 31 performs short-range wireless communicationwith the IC card 300.

<Software Configuration of Composite Device 100>

FIG. 3 is a diagram showing a software configuration of the compositedevice 100.

As shown in FIG. 3, the main body 10 includes an application layer 101,a service layer 102, and an Operating System (OS) layer 103. Theapplication layer 101, the service layer 102, and the OS layer 103 areprograms such as various types of software stored in the ROM 12 or theHDD 14. Various functions are provided when the CPU 11 executes thesetypes of software.

The software of the application layer 101 is an application program(this may be simply called “app” in the following descriptions) foroperating a hardware resource to provide a predetermined function.Examples of the app include a copying machine app for providing acopying machine function, a scanner app for providing a scannerfunction, a facsimile machine app for providing a facsimile machinefunction, and a printer app for providing a printer function.

The software of the service layer 102 is present between the applicationlayer 101 and the OS layer 103. The software of the service layer 102 isfor providing the app of the application layer 101 with an interface touse a hardware resource included in the main body 10. Specifically, thesoftware of the service layer 102 provides functions of receiving anoperation request to the hardware resource and arbitrating betweenoperation requests. Examples of the operation requests that the servicelayer 102 receive include requests for reading by a scanner and printingby a plotter.

In addition, the functions of the interface by the service layer 102 areprovided not only to the application layer 101 of the main body 10 butalso to an application layer 201 of the operation unit 20. In otherwords, the application layer 201 (app) of the operation unit 20 can alsoimplement a function that uses the hardware resource of the main body 10(such as the engine unit 17 and the ROM 12) via the interface functionof the service layer 102.

The software of the OS layer 103 is basic software (operating system)for providing basic functions to control hardware included in the mainbody 10. The software of the service layer 102 converts use requests forthe hardware resource from various apps into commands interpretable forthe OS layer 103 and passes the commands to the OS layer 103. When thesoftware of the OS layer 103 executes the commands, the hardwareresource performs operations in accordance with the requests from theapps.

The operation unit 20 includes the application layer 201, a servicelayer 202, and an OS layer 203 in the same manner. The application layer201, the service layer 202, and the OS layer 203 included in theoperation unit 20 have the same hierarchical structure as in the mainbody 10. However, functions provided by apps of the application layer201 and types of operation requests that can be received by the servicelayer 202 are different from those in the main body 10. Although apps ofthe application layer 201 may be software for operating a hardwareresource included in the operation unit 20 in order to provide apredetermined function, the apps are mainly programs for providing auser interface (UI) function that performs a display and an operation ofthe functions included in the main body 10 (such as the copying machinefunction, the scanner function, the facsimile machine function, and theprinter function). Further, the apps of the application layer 201 mayuse data such as user identification information which is transmitted bythe IC card 300 and is read by the card reader/writer 31. Examples ofthe apps of the application layer 201 include a program such as anauthentication app 252 that uses the user authentication informationtransmitted by the IC card 300.

The software of the service layer 202 is present between the applicationlayer 201 and the OS layer 203. The software of the service layer 202 isfor providing the app of the application layer 201 with an interface touse a hardware resource included in the operation unit 20. Specifically,the software of the service layer 202 provides functions of receiving anoperation request for the hardware resource and arbitrating betweenoperation requests. Examples of the operation requests that the servicelayer 202 receive include requests for authentication by searching foruser identification information read by the card reader/writer 31 andrequests for caching user information used in an authentication processor user information about a user that has been successfullyauthenticated.

In addition, the functions of the interface by the service layer 202 areprovided not only to the application layer 201 of the operation unit 20but also to the application layer 101 of the main body 10. In otherwords, the application layer 101 of the main body 10 can also implementa function that uses the hardware resource of the operation unit 20(such as the ROM 22, the RAM 23, and the flash memory 24) via theinterface function of the service layer 202.

The software of the OS layer 203 is basic software (operating system)for providing basic functions to control hardware included in theoperation unit 20. The software of the service layer 202 converts userequests for the hardware resource from various apps into commandsinterpretable for the OS layer 203 and passes the commands to the OSlayer 203. When the software of the OS layer 203 executes the commands,the hardware resource performs operations in accordance with therequests from the apps.

In the present embodiment, in order to maintain independence of thefunctions, the software of the OS layer 103 on the main body 10 and thesoftware of the OS layer 203 on the operation unit 20 are different fromeach other. In other words, the main body 10 and the operation unit 20operate independently of each other with different operating systems.For example, it is possible to use Linux (registered trademark) as thesoftware of the OS layer 103 on the main body 10 and use Android(registered trademark) as the software of the OS layer 203 on theoperation unit 20.

As mentioned above, since the main body 10 and the operation unit 20operate based on different operating systems in the composite device 100of the present embodiment, communication between the main body 10 andthe operation unit 20 is performed as communication between differentdevices rather than interprocess communication within a common device.Examples of such communication includes an operation of sending receivedinformation by the operation unit 20 (contents of an instruction from auser) to the main body 10 (command communication) and an operation ofreporting an event by the main body 10 to the operation unit 20. In thiscase, the operation unit 20 can use functions of the main body 10 byperforming command communication with the main body 10. Further,examples of the event reported by the main body 10 to the operation unit20 include progress of an operation in the main body 10 and settings inthe main body 10.

Further, in the present embodiment, since power is supplied to theoperation unit 20 from the main body 10 via the communication path 32,it is possible to perform power control on the operation unit 20separately from (independently of) power control on the main body 10.

<Functional Configuration of Composite Device 100>

(Functional Configuration of Main Body 10)

In the following, a functional configuration of the composite device 100is described. FIG. 4 is a functional block diagram showing thefunctional configuration of the composite device 100. In FIG. 4, whilefunctions according to the present invention are mainly shown forconvenience sake, the functions of the composite device 100 are notlimited to the following functions.

The service layer 102 of the main body 10 in the composite device 100includes a transmission and reception unit 152, a user informationprocess unit 154, and a storing and reading process unit 156. Each ofthe units is a function or a unit implemented when any one ofconstituent elements shown in FIG. 2 operates by an instruction from theCPU 11 in accordance with the program for the main body 10 stored in theROM 12 or the HDD 14 shown in FIG. 2. Further, the main body 10 of thecomposite device 100 includes a nonvolatile storage unit 158 thatmaintains various types of data and information even if the compositedevice 100 is powered off, the nonvolatile storage unit 158 beingconfigured with the HDD 14 shown in FIG. 2.

(User Information Table)

In the nonvolatile storage unit 158, a user information management DataBase (DB) 160 having a user information table as shown in FIG. 5 isconstructed. In the user information table, identification information(No.) about user information, a user ID, a password, authorizationinformation, and screen customization information are associated andmanaged. The user information is information about a user allowed to usethe composite device 100. The user information may be managed in theauthentication server 400 or in the main body 10 of the composite device100. If the user information is managed in the main body 10 of thecomposite device 100, the user information is registered with the userinformation management DB 160 in advance. The user ID refers toidentification information such as an ID to identify a user. Thepassword is a string of characters and numbers to be input for log-inwith the user ID. The authorization information refers to informationindicating functions available to the user if the user logs in aftersuccessful authentication. Examples of authorization include an accessright for a predetermined setting such as an access right for a settingof a document manager or an access right for a setting of a networkadministrator, and a right to use a function of a predetermined app suchas a right to use a copying machine app, a right to use a scanner app,or a right to use a color mode or a full-color mode. The screencustomization information refers to setting information to customizecontent to be displayed in the liquid crystal display device of theoperation panel 27 for the user that has logged in. Examples of thescreen customization information include information about arrangementof icons displayed in a home screen, information about a language usedfor display, and wallpaper information.

(Cached User Information Table)

In the nonvolatile storage unit 158, a cached user informationmanagement DB 162 having a cached user information table as shown inFIG. 6 is constructed. The cached user information table stores userinformation about a user cached in the operation unit 20 from userinformation stored in the user information table in the user informationmanagement DB 160. FIG. 6 shows that from the user information stored inthe user information table shown in FIG. 5, user information about usersindicated by No. 1 and No. 3 is cached in the operation unit 20.

Returning to FIG. 4, the transmission and reception unit 152 of the mainbody 10 is implemented by an instruction from the CPU 11 shown in FIG. 2and the communication I/F 15 and the connection I/F 16 shown in FIG. 2.The transmission and reception unit 152 transmits and receives varioustypes of data (or information) to and from another terminal, a device,or a server via the network 30 and transmits and receives various typesof data (or information) to and from the operation unit 20 via thecommunication path 32.

The storing and reading process unit 156 of the main body 10 isimplemented by an instruction from the CPU 11 and the HDD 14 shown inFIG. 2. The storing and reading process unit 156 performs a process tostore various types of data in the nonvolatile storage unit 158 and aprocess to read various types of data stored in the nonvolatile storageunit 158.

The user information process unit 154 of the main body 10 is implementedby an instruction from the CPU 11 shown in FIG. 2. When theauthentication app 252 is executed by the operation unit 20, the userinformation process unit 154 stores user information about users thathave been successfully authenticated in the user information managementDB 160 of the nonvolatile storage unit 158 in accordance with aninstruction of the operation unit 20. Further, from the user informationabout users stored in the user information management DB 160 of thenonvolatile storage unit 158, the user information process unit 154stores user information about a user cached in the operation unit 20 inthe cached user information management DB 162 of the nonvolatile storageunit 158.

Further, in response to a request from the authentication app 252 of theoperation unit 20, the user information process unit 154 reports theuser information stored in the user information management DB 160 to theauthentication app 252. For example, the user information process unit154 searches for user information that corresponds to useridentification information included in a search request sent from theauthentication app 252 and reports retrieved user information to theauthentication app 252.

(Functional Configuration of Operation Unit 20)

The service layer 202 of the operation unit 20 in the composite device100 includes a cache process providing unit 254, a search processproviding unit 256, a user information process providing unit 258, anauthentication process unit 260, a user information process unit 262,and a storing and reading process unit 264. Each of the units is afunction or a unit implemented when any one of the constituent elementsshown in FIG. 2 operates by an instruction from the CPU 21 in accordancewith a program such as the authentication app 252 stored in the ROM 22or the flash memory 24 shown in FIG. 2. Further, the operation unit 20of the composite device 100 includes a volatile storage unit 266 thatdeletes various types of data and information when the composite device100 is powered off, the volatile storage unit 266 being configured withthe RAM 23 shown in FIG. 2.

(Cached User Information Table)

In the volatile storage unit 266, a cached user information managementDB 268 having a cached user information table is constructed as shown inFIG. 6.

(Logged in User Information Table)

In the volatile storage unit 266, a logged in user informationmanagement DB 270 having a logged in user information table as shown inFIG. 7 is constructed. The logged in user information table stores userinformation about users that have logged in.

Returning to FIG. 4, the authentication process unit 260 of theoperation unit 20 is implemented by an instruction from the CPU 21 shownin FIG. 2 and functions when the CPU 21 executes the authentication app252. Based on user identification information read by the cardreader/writer 31, the authentication process unit 260 sends, to the userinformation process unit 262, an instruction to search user informationstored in the cached user information management DB 268 constructed inthe volatile storage unit 266.

If a search result reported from the user information process unit 262indicates that the user identification information corresponds to anyone of sets of the user information about users stored in the cacheduser information management DB 268, the authentication process unit 260determines that authentication is successful and permits a user to login.

By contrast, if the search result reported from the user informationprocess unit 262 indicates that the user identification information doesnot correspond to any one of the sets of the user information stored inthe cached user information management DB 268, the authenticationprocess unit 260 sends, to the user information process unit 262, aninstruction to search user information about users stored in the userinformation management DB 160 constructed in the nonvolatile storageunit 158 of the main body 10.

If a search result reported from the user information process unit 262indicates that the user identification information corresponds to anyone of sets of the user information about users stored in the userinformation management DB 160, the authentication process unit 260determines that authentication is successful and permits the user to login.

By contrast, if the search result reported from the user informationprocess unit 262 indicates that the user identification information doesnot correspond to any one of the sets of the user information stored inthe user information management DB 160, the authentication process unit260 requests authentication by transmitting the user identificationinformation from the communication I/F 25 to the authentication server400. If the authentication server 400 reports that authentication issuccessful, the authentication process unit 260 permits the user to login. By contrast, if the authentication server 400 reports thatauthentication has failed, the authentication process unit 260 does notpermit the user to log in. Further, when the authentication server 400reports that authentication is successful, the authentication processunit 260 obtains user information about the user. Then theauthentication process unit 260 sends, to the user information processunit 262, an instruction to cache the user information about the user inthe main body 10.

The user information process unit 262 of the operation unit 20 isimplemented by an instruction from the CPU 21 shown in FIG. 2. If theauthentication process unit 260 sends the request to search the userinformation about users stored in the cached user information managementDB 268, the user information process unit 262 determines whether theuser identification information corresponds to any one of sets of theuser information and reports a determination result to theauthentication process unit 260. Further, when the authentication app252 is executed, the user information process unit 262 sends, to theuser information process unit 154 of the main body 10, an instruction tostore user information about a user that has been successfullyauthenticated in the user information management DB 160 of thenonvolatile storage unit 158 of the main body 10. When the userinformation process unit 262 receives, from the user information processunit 154 of the main body 10, a report that the user information isstored, the user information process unit 262 stores the userinformation in the cached user information management DB 268 of thevolatile storage unit 266. Further, in user information management DB270 of the volatile storage unit 266, the user information process unit262 can store user information about a user that has logged in.

The storing and reading process unit 264 of the operation unit 20 isimplemented by an instruction from the CPU 21, the ROM 22, the RAM 23,and the flash memory 24 shown in FIG. 2. The storing and reading processunit 264 stores various types of data in the volatile storage unit 266and reads various types of data stored in the volatile storage unit 266.

The cache process providing unit 254 of the operation unit 20 isimplemented by an instruction from the CPU 21 shown in FIG. 2. The cacheprocess providing unit 254 externally provides an I/F capable of cachingwhen the authentication app 252 uses an Application ProgrammingInterface (API). Since this I/F is provided in a form of SDK, when asoftware vendor creates the authentication app 252, the software vendorcan use the SDK to set the use of the API. The CPU 21 that executes theauthentication app 252 causes the user information process unit 262 tofunction by causing the cache process providing unit 254 to function.The cache process providing unit 254 reports a result of a process bythe user information process unit 262 to a user via the operation panel27.

The search process providing unit 256 of the operation unit 20 isimplemented by an instruction from the CPU 21 shown in FIG. 2. Thesearch process providing unit 256 externally provides an I/F capable ofsearching the cached user information management DB 268 to determinewhether user identification information read by the card reader/writer31 corresponds to any one of sets of user information about users storedin the cached user information management DB 268 constructed in thevolatile storage unit 266 when the authentication app 252 uses the API.Since this I/F is provided in a form of SDK, when the software vendorcreates the authentication app 252, the software vendor can use asoftware development kit to set the use of the API. The CPU 21 thatexecutes the authentication app 252 causes the authentication processunit 260 to function by causing the search process providing unit 256 tofunction. The search process providing unit 256 reports a result of aprocess by the authentication process unit 260 to the user via theoperation panel 27.

The user information process providing unit 258 of the operation unit 20is implemented by an instruction from the CPU 21 shown in FIG. 2. Theuser information process providing unit 258 externally provides an I/Fcapable of storing user information about a user that has beensuccessfully authenticated and logged in in the volatile storage unit266 when the authentication app 252 uses the API. In accordance withthis, it is possible to temporarily store the user information about theuser that has logged in. This user information is stored in the loggedin user information management DB 270 of the volatile storage unit 266.Since this I/F is provided in a form of SDK, when the software vendorcreates the authentication app 252, the software vendor can use asoftware development kit to set the use of the API. The CPU 21 thatexecutes the authentication app 252 causes the user information processunit 262 to store the user information about the user that has logged inin the volatile storage unit 266 by causing the user information processproviding unit 258 to function.

First Embodiment

<Operation (1) of Information Processing System>

FIG. 8 shows an operation (1) of the information processing system.

In FIG. 8, a process to cache user information in the nonvolatilestorage unit 158 of the main body 10 in the composite device 100 isperformed but the caching fails.

When the CPU 21 executes the authentication app 252, the cache processproviding unit 254 functions and can cache the user information.

In step S802, a user sends a request to cache user information to thecomposite device 100. For example, the user connects an informationterminal device such as a PC that stores the user information to thecomposite device 100 and sends the request to cache the user informationto the composite device 100.

In step S804, when the CPU 21 of the operation unit 20 executes theauthentication app 252, the CPU 21 sends the request to cache the userinformation to the cache process providing unit 254.

In step S806, the cache process providing unit 254 of the operation unit20 sends the request to cache the user information to the userinformation process unit 262.

In step S808, the user information process unit 262 of the operationunit 20 sends the request to cache the user information to the userinformation process unit 154 of the main body 10. The user informationprocess unit 154 of the main body 10 performs a process to cache theuser information in the user information management DB 160 of thenonvolatile storage unit 158 but the caching has failed. Examples of areason of not being able to cache include a case where memory usage ofthe nonvolatile storage unit 158 has reached an upper limit, a casewhere a size of the user information to be cached is too large, and acase where the user information management DB 160 of the nonvolatilestorage unit 158 is currently being accessed.

In step S810, the user information process unit 154 of the main body 10reports that the caching has failed to the user information process unit262 of the operation unit 20. For example, the user information processunit 154 of the main body 10 reports if the user information processunit 154 performed the caching process a plurality of times but thecaching resulted in failure. In this case, the user information processunit 154 of the main body 10 can also report a reason of not being ableto cache in addition to the report of the failure of the caching.

In step S812, the user information process unit 262 of the operationunit 20 reports that the caching has failed to the cache processproviding unit 254. In this case, the user information process unit 262of the operation unit 20 can also report the reason of not being able tocache in addition to the report of the failure of the caching.

In step S814, the cache process providing unit 254 of the operation unit20 reports that the caching has failed to the CPU 21 of the operationunit 20, the CPU 21 executing the authentication app 252. In this case,the cache process providing unit 254 of the operation unit 20 can alsoreport the reason of not being able to cache in addition to the reportof the failure of the caching.

In step S816, the CPU 21 of the operation unit 20, the CPU 21 executingthe authentication app 252, reports that the caching has failed to theoperation panel 27. In this case, the CPU 21 of the operation unit 20,the CPU 21 executing the authentication app 252, can also report thereason of not being able to cache in addition to the report of thefailure of the caching. When the failure of the caching is reported, thefailure of the caching is displayed in the operation panel 27. Inaccordance with this, the user can understand that the caching of theuser information has failed. Further, when the reason of not being ableto perform caching is reported, it is possible for the user to make anappropriate response for successful caching.

<Operation (2) of Information Processing System>

FIG. 9 shows an operation (2) of the information processing system.

In FIG. 9, a process to cache user information in the nonvolatilestorage unit 158 of the main body 10 in the composite device 100 isperformed and the caching is successful.

When the CPU 21 executes the authentication app 252, it is possible tocache the user information or to cause the cache process providing unit254 to function.

Steps S902 to S908 may use steps S802 to S808 shown in FIG. 8.

In step S910, the user information process unit 154 of the main body 10reports that the caching has been successfully performed to the userinformation process unit 262 of the operation unit 20.

In step S912, the user information process unit 262 of the operationunit 20 caches the user information in the cached user informationmanagement DB 268 of the volatile storage unit 266. In accordance withthis, if the user information is cached in the main body 10, the sameuser information is cached in the operation unit 20.

In step S914, the user information process unit 262 of the operationunit 20 reports that the caching has been successfully performed to thecache process providing unit 254.

In step S916, the cache process providing unit 254 of the operation unit20 reports that the caching has been successfully performed to the CPU21 of the operation unit 20, the CPU 21 executing the authentication app252.

In step S918, the CPU 21 of the operation unit 20, the CPU 21 executingthe authentication app 252, reports that the caching has beensuccessfully performed to the operation panel 27. When the success ofthe caching is reported, the success of the caching is displayed in theoperation panel 27. In accordance with this, the user can understandthat the caching of the user information has been successful. If theuser information can be cached in the main body 10, by caching the sameuser information in the operation unit 20, even if the user informationstored in the operation unit 20 is deleted when the composite device 100is powered off, the composite device 100 can transfer the userinformation stored in the main body 10 to the operation unit 20 when thecomposite device 100 is powered on. The user information may be cachedin the cached user information management DB 268 of the operation unit20 and then the user information may be cached in the user informationmanagement DB 160 of the main body 10. In this case, it is possible toobtain information from one of the cached user information management DB268 and the user information management DB 160 in which the caching hasbeen successfully performed. Further, it is possible to report theinformation from this DB to the user. In accordance with this, if thecaching of the user information in the main body 10 has failed and thecaching of the user information in the operation unit 20 has beensuccessful, when the composite device 100 is powered off and thenpowered on, the composite device 100 is capable of determining necessityto obtain the user information again. Further, if the caching of theuser information in the main body 10 has been successful and the cachingof the user information in the operation unit 20 has failed, when thecomposite device 100 is powered off and then powered on, the compositedevice 100 is capable of determining that the operation unit 20 canobtain the user information from the main body 10.

<Operation (3) of Information Processing System>

FIG. 10 shows an operation (3) of the information processing system.

In FIG. 10, when the composite device 100 is powered on, the operationunit 20 obtains user information cached in the main body 10 and cachesthe user information in the operation unit 20. The user information isstored in the cached user information management DB 162 of the main body10 and in the cached user information management DB 268 of the operationunit 20 in the composite device 100. When the composite device 100 ispowered off, information cached in the volatile storage unit 266 of theoperation unit 20 is deleted. Accordingly, when the composite device 100is powered on, the operation unit 20 obtains the user information storedin the cached user information management DB 162 of the nonvolatilestorage unit 158 in the main body 10 and stores the user information inthe cached user information management DB 268 of the volatile storageunit 266.

When the CPU 21 executes the authentication app 252, the CPU 21 causesthe cache process providing unit 254 to function to cache the userinformation.

In step S1002, the composite device 100 is powered on.

In step S1004, the CPU 21 of the operation unit 20, the CPU 21 executingthe authentication app 252, inputs, to the user information process unit262, a cached user information obtaining request to obtain userinformation cached in the main body 10.

In step S1006, the user information process unit 262 transmits thecached user information obtaining request to the user informationprocess unit 154 of the main body 10. The user information process unit154 of the main body 10 obtains the user information cached in thecached user information management DB 162 of the nonvolatile storageunit 158.

In step S1008, the user information process unit 154 of the main body 10transmits the user information to the user information process unit 262of the operation unit 20.

In step S1010, the user information process unit 262 of the operationunit 20 caches the user information in the cached user informationmanagement DB 268 of the volatile storage unit 266 in the operation unit20.

In accordance with this, even if the composite device 100 is powered offand the user information stored in the operation unit 20 is deleted,when the composite device 100 is powered on, the operation unit 20 canobtain, from the main body 10, the user information that is cachedbefore the composite device 100 is powered off.

<Operation (4) of Information Processing System>

FIG. 11 shows an operation (4) of the information processing system.

In FIG. 11, authentication of a user is performed based on userinformation cached in the operation unit 20 of the composite device 100and the user authentication is successful.

When the CPU 21 executes the authentication app 252, the CPU 21 causesthe search process providing unit 256 to function to perform anauthentication process.

In step S1102, when the user holds the IC card 300 over the cardreader/writer 31, user identification information is read by the cardreader/writer 31 and input to the CPU 21 executing the authenticationapp 252.

In step S1104, the CPU 21 executing the authentication app 252 causesthe search process providing unit 256 to function and reports the useridentification information to the search process providing unit 256.

In step S1106, the search process providing unit 256 inputs, to theauthentication process unit 260, a cached user information searchrequest to search the cached user information management DB 268 todetermine whether user information cached in the cached user informationmanagement DB 268 has an item that corresponds to the useridentification information.

In step S1108, the authentication process unit 260 inputs the cacheduser information search request to the user information process unit262.

In step S1110, in accordance with the cached user information searchrequest input by the authentication process unit 260, the userinformation process unit 262 searches the cached user informationmanagement DB 268 to determine whether user information cached in thecached user information management DB 268 has an item that correspondsto the user identification information.

In step S1112, the user information process unit 262 obtains a searchresult. In this case, since user information such as a user ID thatcorresponds to the user identification information is present in thecached user information management DB 268, the user information processunit 262 obtains a search result indicating that user information thatcorresponds to the user identification information is detected.

In step S1114, the user information process unit 262 reports the searchresult to the authentication process unit 260.

In step S1116, the authentication process unit 260 performs anauthentication process based on the search result input from the userinformation process unit 262. In this case, since the user informationthat corresponds to the user identification information is detected, theauthentication process unit 260 determines that authentication has beensuccessful.

In step S1118, the authentication process unit 260 reports anauthentication result to the search process providing unit 256.

In step S1120, the search process providing unit 256 reports theauthentication result to the authentication app 252.

In step S1122, the authentication app 252 reports the authenticationresult to the operation panel 27. When the authentication result isreported, the success of the authentication is displayed in theoperation panel 27. In accordance with this, the user can understandthat the composite device 100 is available.

In this operation, an I/F that searches the cached user informationmanagement DB 268 to determine whether user information stored in thecached user information management DB 268 has an item that correspondsto the user identification information is provided. Whether to use theI/F can be specified with the authentication app 252. When the use ofthe I/F is specified with the authentication app 252, it is possible toperform authentication based on user information cached in the operationunit 20, so that a time from a request of an authentication process toan end of the authentication process is reduced. This is because thereis no need to connect to the main body 10 and perform searching based onuser information cached in the main body 10.

<Operation (5) of Information Processing System>

FIG. 12 shows an operation (5) of the information processing system.

In FIG. 12, authentication of a user is performed based on userinformation cached in the cached user information management DB 268 ofthe operation unit 20 in the composite device 100 but the authenticationfails. Further, in FIG. 12, when the CPU 21 executes the authenticationapp 252, the CPU 21 causes the user information process providing unit258 to function and user information about a user that has logged in isstored in the logged in user information management DB 270.

When the CPU 21 executes the authentication app 252, the CPU 21 causesthe search process providing unit 256 to function to perform anauthentication process. Steps S1202 to S1210 may use steps S1102 toS1110 shown in FIG. 11.

In step S1212, the user information process unit 262 obtains a searchresult. In this case, since there is no user information thatcorresponds to user identification information in the cached userinformation management DB 268, the user information process unit 262determines that user information that corresponds to the useridentification information is not detected.

In step S1214, the user information process unit 262 reports the searchresult to the authentication process unit 260.

In step S1216, in accordance with the search result input by the userinformation process unit 262, the failure to detect user informationthat corresponds to the user identification information is reported tothe authentication process unit 260. The authentication process unit 260inputs, to the user information process unit 262, a logged in userinformation search request to search the logged in user informationmanagement DB 270 to determine whether user information cached in thelogged in user information management DB 270 has an item thatcorresponds to the user identification information.

In step S1218, in accordance with the logged in user information searchrequest input by the authentication process unit 260, the userinformation process unit 262 searches the logged in user informationmanagement DB 270 to determine whether user information cached in thelogged in user information management DB 270 has an item thatcorresponds to the user identification information.

In step S1220, the user information process unit 262 obtains a searchresult. In this case, since user information such as a user ID thatcorresponds to the user identification information is present in thelogged in user information management DB 270, the user informationprocess unit 262 determines that user information that corresponds tothe user identification information is detected.

In step S1222, the user information process unit 262 reports the searchresult to the authentication process unit 260.

In step S1224, the authentication process unit 260 performs anauthentication process based on the search result input from the userinformation process unit 262. In this case, since the user informationthat corresponds to the user identification information is detected, theauthentication process unit 260 determines that authentication has beensuccessful.

In step S1226, the authentication process unit 260 reports anauthentication result to the search process providing unit 256.

In step S1228, the search process providing unit 256 reports theauthentication result to the authentication app 252.

In step S1230, the authentication app 252 reports the authenticationresult to the operation panel 27. When the authentication result isreported, the success of the authentication is displayed in theoperation panel 27.

In this operation, an I/F that stores user information about a user thathas been successfully authenticated and logged in in the volatilestorage unit 266 is provided. Whether to use the I/F can be specifiedwith the authentication app 252. When the use of the I/F is specifiedwith the authentication app 252, even if user information cached in thecached user information management DB 268 of the operation unit 20 doesnot have an item that corresponds to user identification information, itis possible to perform authentication based on user information cachedin the logged in user information management DB 270. Accordingly, it ispossible to reduce a time from a request of an authentication process toan end of the authentication process. This is because there is no needto connect to the main body 10 and perform searching based on userinformation cached in the main body 10.

<Operation (6) of Information Processing System>

FIG. 13 shows an operation (6) of the information processing system.

In FIG. 13, authentication of a user is performed based on userinformation cached in the cached user information management DB 268 andthe logged in user information management DB 270 of the operation unit20 in the composite device 100, but the two authentication processesfail, and a process request is sent to the authentication server 400.Steps S1302 to S1310 may use steps S1102 to S1110 shown in FIG. 11.Steps S1312 to S1318 may use steps S1212 to S1218 shown in FIG. 12.

In step S1320, the user information process unit 262 obtains a searchresult. In this case, since user information that corresponds to useridentification information is not present in the logged in userinformation management DB 270, the user information process unit 262obtains a search result indicating that user information thatcorresponds to the user identification information is not detected.

In step S1322, the user information process unit 262 reports the searchresult to the authentication process unit 260.

In step S1324, in accordance with the search result input by the userinformation process unit 262, the failure to detect user informationthat corresponds to the user identification information is reported tothe authentication process unit 260. The authentication process unit 260transmits, from the communication I/F 25 to the authentication server400, a user information search request to search the authenticationserver 400 to determine whether there is an item that corresponds to theuser identification information. In this case, the authenticationprocess unit 260 can also request authentication by transmitting theuser identification information from the communication I/F 25 to theauthentication server 400.

In step S1326, in accordance with the user information search requestinput by the authentication process unit 260, the authentication server400 searches user information registered in advance and reports a searchresult thereof to the authentication process unit 260. If there is userinformation that corresponds to the user identification information, theauthentication server 400 may also report the user information thatcorresponds to the user identification information in addition to thesearch result. The following describes a case where user informationregistered in advance in the authentication server 400 has an item thatcorresponds to the user identification information.

In step S1328, the authentication process unit 260 performs anauthentication process based on the search result transmitted by theauthentication server 400. In this case, since user information thatcorresponds to the user identification information is detected in theauthentication server 400, the authentication process unit 260determines that the authentication has been successful.

In step S1330, the authentication process unit 260 reports anauthentication result to the search process providing unit 256. Theauthentication process unit 260 also reports the user informationtransmitted from the authentication server 400 in addition to theauthentication result.

In step S1332, the search process providing unit 256 reports theauthentication result to the authentication app 252. The search processproviding unit 256 also reports the user information in addition to theauthentication result.

In step S1334, the authentication app 252 reports the authenticationresult to the operation panel 27. When the authentication result isreported, the success of the authentication is displayed in theoperation panel 27. In accordance with this, the user can understandthat the composite device 100 is available.

In step S1336, the authentication app 252 sends a caching requestprovided with the user information to the cache process providing unit254.

Steps S1338 to S1350 may use steps S906 to S918 shown in FIG. 9.

In this operation, an I/F that searches the cached user informationmanagement DB 268 and the logged in user information management DB 270to determine whether user information stored in the cached userinformation management DB 268 or the logged in user informationmanagement DB 270 has an item that corresponds to the useridentification information is provided. Whether to use the I/F can bespecified with the authentication app 252. When the use of the I/F isspecified with the authentication app 252, even if user informationcached in the operation unit 20 does not have an item that correspondsto user identification information, the operation unit 20 may send, tothe authentication server 400, an inquiry of whether user informationthat corresponds to the user identification information is registered.In accordance with this, the composite device 100 can cause theauthentication server 400 to perform searching in order to securelyperform an authentication process. Further, if a request for searchingfor the user identification information is sent to the authenticationserver 400 and user information that corresponds to the useridentification information is registered with the authentication server400, the operation unit 20 can obtain the user information. Since theoperation unit 20 can cache the user information, the operation unit 20can use the cached user information when the same user uses thecomposite device 100. Accordingly, it is possible to speed up theauthentication process.

<Operation (7) of Information Processing System>

FIG. 14 shows an operation (7) of the information processing system.

In FIG. 14, authentication of a user is performed based on userinformation cached in the cached user information management DB 268 andthe logged in user information management DB 270 of the operation unit20 in the composite device 100, but the two authentication processesfail, and a process request is sent to the authentication server 400. Adifference from FIG. 13 is that user information that corresponds touser identification information is stored in the logged in userinformation management DB 270 of the operation unit 20 in FIG. 14.

Steps S1402 to S1410 may use steps S1102 to S1110 shown in FIG. 11.Steps S1412 to S1418 may use steps S1212 to S1218 shown in FIG. 12.Steps S1420 to S1438 may use steps S1320 to S1338 shown in FIG. 13.

In step S1440, the user information process unit 262 of the operationunit 20 caches user information in the logged in user informationmanagement DB 270 of the volatile storage unit 266.

In step S1442, the logged in user information management DB 270 reportsthat the caching has been successfully performed to the user informationprocess unit 262.

In step S1444, the user information process unit 262 of the operationunit 20 reports that the caching has been successfully performed to thecache process providing unit 254.

In step S1446, the cache process providing unit 254 of the operationunit 20 reports that the caching has been successfully performed to theCPU 21 of the operation unit 20, the CPU 21 executing the authenticationapp 252.

In step S1448, the CPU 21 of the operation unit 20, the CPU 21 executingthe authentication app 252, reports that the caching has beensuccessfully performed to the operation panel 27. When the success ofthe caching is reported, the success of the caching is displayed in theoperation panel 27. In accordance with this, the user can understandthat the caching of the user information has been successful.

Whether user information that corresponds to user identificationinformation is to be stored in the user information management DB 160 ofthe main body 10 as shown in FIG. 13 or in the logged in userinformation management DB 270 of the operation unit 20 as shown in FIG.14 is determined by the authentication app 252 in advance. In accordancewith this, the same effects as in FIG. 13 are provided.

<Operation (8) of Information Processing System>

FIG. 15 shows an operation (8) of the information processing system.

In FIG. 15, the authentication app 252 sets cached user information notto be used. In other words, the cache process providing unit 254, thesearch process providing unit 256, and the user information processproviding unit 258 are set to be disabled even if the CPU 21 executesthe authentication app 252.

In step S1502, when the user holds the IC card 300 over the cardreader/writer 31, user identification information is read by the cardreader/writer 31 and input to the CPU 21 executing the authenticationapp 252.

In step S1504, the CPU 21 executing the authentication app 252transmits, from the communication OF 25 to the authentication server400, a user information search request to search the authenticationserver 400 to determine whether user information registered in theauthentication server 400 has an item that corresponds to the useridentification information. In this case, the CPU 21 can also requestauthentication by transmitting the user identification information fromthe communication I/F 25 to the authentication server 400.

In step S1506, in accordance with the user information search requesttransmitted by the operation unit 20, the authentication server 400searches the user information registered in advance and reports a searchresult thereof to the operation unit 20. The authentication server 400also reports user information that corresponds to the useridentification information in addition to the search result. In thiscase, an item that corresponds to the user identification information ispresent in the user information registered with the authenticationserver 400 in advance.

In step S1508, the authentication app 252 performs an authenticationprocess based on the search result transmitted by the authenticationserver 400. In this case, since the user information that corresponds tothe user identification information is detected in the authenticationserver 400, the authentication app 252 determines that theauthentication has been successful.

In step S1510, the authentication app 252 reports an authenticationresult to the operation panel 27. When the authentication result isreported, the success of the authentication is displayed in theoperation panel 27. In accordance with this, the user can understandthat the composite device 100 is available.

In the present embodiment, when the IC card 300 is held over thecomposite device 100, the user identification information is read andthe authentication is performed based on the user identificationinformation. However, the authentication is not limited to this example.It is possible to display a log-in screen in the operation panel 27 andallow the user to input a user ID and a password, such thatauthentication is performed based on the user ID and the password.

In the present embodiment, the authentication app 252 is mainlydescribed as a program to be executed by the operation unit 20. However,the program is not limited to the authentication app 252. It is possibleto apply the present invention to a case where an app other than theauthentication app 252 is executed.

According to the present embodiment, the I/F that caches userinformation about a user that has been successfully authenticated, theI/F that performs a search to determine whether user identificationinformation corresponds to any one of sets of cached user information,and the I/F that caches user information about a logged in user areprovided in the operation unit 20 of the composite device 100.Accordingly, vendors of programs such as the authentication app 252 canselect from these I/Fs to use. In other words, by providing a right toaccess the storage unit of the composite device 100, it is possible toallow the authentication app 252 to determine whether to use the rightto access.

Second Embodiment

<Information Processing System>

The information processing system according to the present embodimentmay be shown in FIGS. 1 to 4.

The information processing system according to the present embodiment iscapable of changing user information. When the user requests a change ofthe user information, the CPU 21 executing the authentication app 252receives the user information change request. The CPU 21 executing theauthentication app 252 reports the user information change request tothe main body 10. In response to the user information change request,the main body 10 changes relevant user information, which is requestedto be changed by the user information change request, from userinformation stored in the user information management DB 160.

After the main body 10 has changed the user information stored in theuser information management DB 160, the main body 10 transmits a userinformation update report with the changed user information to theoperation unit 20. In accordance with the user information update reporttransmitted by the main body 10, the operation unit 20 updates userinformation cached in the cached user information management DB 268.

<Operation (9) of Information Processing System>

FIG. 16 shows an operation (9) of the information processing system.

In step S1602, the user sends a request for a change of user informationto the composite device 100. For example, the user may connect aninformation terminal device such as a PC that stores user information tothe composite device 100 and request a process to change userinformation.

In step S1604, the CPU 21 executing the authentication app 252 receivesthe user information change request. The CPU 21 executing theauthentication app 252 reports the user information change request tothe main body 10.

In step S1606, in accordance with the user information change request,the user information process unit 154 of the main body 10 changesrelevant user information from user information stored in the userinformation management DB 160, the relevant user information beingrequested to be changed by the user information change request.

In step S1608, the user information process unit 154 of the main body 10transmits a user information update report provided with the changeduser information to the operation unit 20.

In step S1610, in accordance with the user information update reporttransmitted by the main body 10, the user information process unit 262of the operation unit 20 updates user information cached in the cacheduser information management DB 268.

According to the present embodiment, if the user information stored inthe main body 10 is to be changed, it is possible to apply the change ofthe user information to the cached user information management DB 268 ofthe operation unit 20. In other words, it is possible to synchronizeuser information stored in the operation unit 20 with correspondinginformation stored in the user information management DB 160 of the mainbody 10.

In addition, the above-mentioned embodiment does not limit the scope ofthe present invention. It is possible to store, in a given server, thesame information as stored in the nonvolatile storage unit 158 of themain body 10. Further, one of or both the main body 10 and the operationunit 20 that constitute the composite device 100 may have a plurality ofbodies.

In addition, the configuration of the composite device 100 where themain body 10 and the operation unit 20 are connected in the presentembodiment is an example and there may be various configuration examplesdepending on uses and purposes.

The composite device 100 is an example of an information processingsystem. The main body 10 is an example of a first information processingdevice. The operation unit 20 is an example of a second informationprocessing device. The user information management DB 160 is an exampleof a first storage. The cached user information management DB 268 is anexample of a second storage. The logged in user information managementDB 270 is an example of a third storage. The cache process providingunit 254 is an example of a first determining unit. The search processproviding unit 256 is an example of a second determining unit. The userinformation process providing unit 258 is an example of a thirddetermining unit. The authentication app 252 is an example of a program.The card reader/writer 31 is an example of a user identificationinformation obtaining unit. The authentication process unit 260 is anexample of a predetermined process unit. And the program for theoperation unit 20 is an example of an information processing program.

Third Embodiment

The information processing system according to the present invention mayhave various system configurations depending on uses and purposes. Inthe present embodiment, some of such various system configurations ofthe image processing system are described.

<Functional Configuration>

FIG. 17 is a diagram showing a functional configuration of theinformation processing system according to a third embodiment. Aninformation processing system 1 includes the composite device 100 and anexternal server 1701 connected to the composite device 100 via thenetwork 30. In addition, the information processing system 1 may notinclude the external server 1701.

The external server 1701 is a server device having a first userinformation management DB 160 a that stores user information about auser of the composite device 100 (or the information processing system1). An example of the external server 1701 is the authentication server400 shown in FIG. 1. Another example of the external server 1701 may bean information providing server, a database server, or a storage server.For example, the authentication app 252 may obtain user information fromthe external server 1701 and use the obtained user information and useridentification information to perform an authentication process in theauthentication app 252.

It is assumed that in the information processing system 1 according tothe present embodiment, the user information management DB 160 shown inFIG. 4 is included in one of or both the external server 1701 and themain body 10 of the composite device 100. Further, in the presentembodiment, the user information management DB 160 included in theexternal server 1701 is referred to as the first user informationmanagement DB 160 a and the user information management DB 160 includedin the main body 10 is referred to as a second user informationmanagement DB 160 b. In addition, the external server 1701 and the mainbody 10 are an example of an external device that stores userinformation about one or more users of the composite device 100.

If the information processing system 1 includes the first userinformation management DB 160 a and the second user informationmanagement DB 160 b, the second user information management DB 160 bpreferably stores a part of user information stored in the first userinformation management DB 160 a. For example, the first user informationmanagement DB 160 a stores all user information about companies, forexample and the second user information management DB 160 b stores userinformation about places and countries where the composite devices 100are installed. In accordance with this, the composite devices 100 cansave storage capacity of the nonvolatile storage unit 158 and speed up aprocess to search user information.

(Functional Configuration of Composite Device)

The operation unit 20 of the composite device 100 according to thepresent embodiment includes a storage unit 1702 instead of the volatilestorage unit 266 shown in FIG. 4.

The storage unit 1702 is implemented by the RAM 23, the flash memory 24,and a program operating on the CPU 21 shown in FIG. 2. In other words,the storage unit 1702 according to the present embodiment may be avolatile storage unit or a nonvolatile storage unit.

Further, the operation unit 20 according to the present embodiment usesthe communication I/F 25 shown in FIG. 2, for example, to becommunicatively connected to the external server 1701. In addition,other portions of the configuration are the same as the functionalconfiguration of the composite device 100 shown in FIG. 4.

<Flow of Process>

In the following, an information processing method performed by theinformation processing system 1 according to the present embodiment isdescribed.

FIG. 18 is a sequence diagram (1) of a user authentication processaccording to the third embodiment. Since the process shown in FIG. 18substantially corresponds to the user authentication process in thefirst embodiment shown in FIG. 13 and a basic process is the same, adifference will be mainly described.

In the first embodiment, the user authentication process is performed bythe authentication process unit 260 in step S1328 shown in FIG. 13, forexample. However, this process is an example and the user authenticationprocess may be performed by the authentication app 252.

In step S1801, the authentication app 252 of the operation unit 20obtains user identification information read by the card reader/writer31.

In step S1802, the authentication app 252 uses an interface (API)provided by the search process providing unit 256 to request a searchfor the obtained user identification information to the search processproviding unit 256.

In step S1803, the search process providing unit 256 sends, to theauthentication process unit 260, a request to search the storage unit1702 in order to determine whether user information stored in thestorage unit 1702 has an item that corresponds to the useridentification information.

In step S1804, the authentication process unit 260 uses the userinformation process unit 262 to search the cached user informationmanagement DB 268 to determine whether user information cached in thecached user information management DB 268 has an item that correspondsto the user identification information. Although the user informationprocess unit 262 is omitted from FIG. 18, the process in step S1804 isthe same as the process in steps S1308 and S1310 shown in FIG. 13, forexample.

In step S1805, the authentication process unit 260 obtains a searchresult via the user information process unit 262. In this case, it isassumed that user information that corresponds to the useridentification information is not present in the cached user informationmanagement DB 268 and so the search result is a “failure.” In addition,the process in step S1805 is the same as the process in steps S1312 andS1314 shown in FIG. 13, for example.

In step S1806, the authentication process unit 260 uses the userinformation process unit 262 to search the logged in user informationmanagement DB 270 to determine whether user information cached in thelogged in user information management DB 270 has an item thatcorresponds to the user identification information. In addition, thisprocess is the same as the process in steps S1316 and S1318 shown inFIG. 13, for example.

In step S1807, the authentication process unit 260 obtains a searchresult via the user information process unit 262. In this case, it isassumed that user information such as a user ID that corresponds to theuser identification information is not present in the logged in userinformation management DB 270 and so the search result is a “failure.”In addition, the process in step S1807 is the same as the process insteps S1320 and S1322 shown in FIG. 13.

In step S1808, the authentication process unit 260 reports, to thesearch process providing unit 256, the search result “failure”indicating that user information stored in the storage unit 1702 doesnot have an item that corresponds to the user identificationinformation.

In step S1809, the search process providing unit 256 reports, to theauthentication app 252, the search result “failure” indicating that userinformation stored in the storage unit 1702 does not have an item thatcorresponds to the user identification information.

In step S1810, if the search result “failure” is reported from thesearch process providing unit 256, namely, if authentication using userinformation stored in the storage unit 1702 has failed, theauthentication app 252 sends, to the external server 1701, a request tosearch user information in the external server 1701.

In step S1811, the external server 1701 reports, to the authenticationapp 252, a search result indicating whether user information thatcorresponds to the user identification information is present in thefirst user information management DB 160 a included in the externalserver 1701. In FIG. 18, it is assumed that the search result indicates“success” and includes the user information that corresponds to the useridentification information.

In step S1812, the authentication app 252 performs an authenticationprocess based on the user information included in the search resultreported from the external server 1701. For example, since the userinformation that corresponds to the user identification information isdetected in the external server 1701, the authentication app 252determines that the authentication has been successful. In response tothis, the authentication app 252 displays that the authentication hasbeen successful in the operation panel 27, for example.

In step S1813, in accordance with a request from the authentication app252, caching of the user information in steps S904 to S916 shown in FIG.9, for example, is performed. In accordance with this, the userinformation that has been successfully authenticated is stored in thecached user information management DB 268 or the cached user informationmanagement DB 162, for example.

In addition, in step S1805 or S1807, if user information thatcorresponds to the user identification information is retrieved, theauthentication process unit 260 reports a search result indicating“success” and including the retrieved user information to theauthentication app 252 via the search process providing unit 256. Inthis case, the authentication app 252 may use the user informationreported from the authentication process unit 260 to perform anauthentication process.

In this manner, the authentication app 252 according to the presentembodiment uses user information stored in the storage unit 1702 toperform authentication of a user that is to start using the compositedevice 100. Further, if authentication using the user information storedin the storage unit 1702 has failed, the authentication app 252 can useuser information stored in the external server 1701 to performauthentication of the user that is to start using the composite device100.

FIG. 19 is a sequence diagram (2) of a user authentication processaccording to the third embodiment. Since the process in steps S1801 toS1809, S1812, and S1813 in FIG. 19 is the same as in FIG. 18, adifference is mainly described in the following.

In step S1901, if a search result “failure” is reported from the searchprocess providing unit 256, namely, if authentication using userinformation stored in the storage unit 1702 has failed, theauthentication app 252 sends, to the main body 10, a request to searchuser information in the main body 10.

In step S1902, the user information process unit 154 of the main body 10reports, to the authentication app 252, a search result indicatingwhether user information that corresponds to the user identificationinformation is present in the second user information management DB 160b included in the main body 10. In FIG. 19, it is assumed that thesearch result indicates “success” and includes the user information thatcorresponds to the user identification information. In addition, theprocess from step S1812 is the same as in FIG. 18.

In this manner, if authentication using the user information stored inthe storage unit 1702 has failed, the authentication app 252 accordingto the present embodiment can use user information stored in an externaldevice (such as the external server 1701 or the main body 10) to performauthentication of a user.

FIG. 20 is a sequence diagram (3) of a user authentication processaccording to the third embodiment. Since the process in steps S1801 toS1809, S1812, and S1813 in FIG. 20 is the same as in FIG. 18, adifference is mainly described in the following.

In step S2001, if a search result “failure” is reported from the searchprocess providing unit 256, namely, if authentication using userinformation stored in the storage unit 1702 has failed, theauthentication app 252 sends, to the main body 10, a request to searchuser information in the main body 10.

In step S2002, the user information process unit 154 of the main body 10reports, to the authentication app 252, a search result indicatingwhether user information that corresponds to the user identificationinformation is present in the second user information management DB 160b included in the main body 10. In FIG. 20, it is assumed that thesearch result indicates “failure.”

In step S2003, if the search result “failure” is reported from thesearch process providing unit 256, namely, if authentication using userinformation stored in the main body 10 has failed, the authenticationapp 252 sends, to the external server 1701, a request to search userinformation in the external server 1701.

In step S2004, the external server 1701 reports, to the authenticationapp 252, a search result indicating whether user information thatcorresponds to the user identification information is present in thefirst user information management DB 160 a included in the externalserver 1701. In FIG. 20, it is assumed that the search result indicates“success” and includes the user information that corresponds to the useridentification information. In addition, the process from step S1812 isthe same as in FIG. 18.

In this manner, if authentication using the user information stored inthe storage unit 1702 has failed, the authentication app 252 accordingto the present embodiment can use user information stored in a pluralityof external devices (such as the external server 1701 and the main body10) to perform authentication of a user.

Other Embodiments

The configuration of the information processing system 1 shown in FIG.17 is an example. The application layer 201 of the operation unit 20 mayinclude a plurality of authentication apps 252 such as faceauthentication, voice authentication, and fingerprint authentication.

In this case, each of the authentication apps 252 can use userinformation stored in the storage unit 1702 though an interface (API)provided by the search process providing unit 256 and perform anauthentication process.

Further, each authentication app 252 can cache (store) the userinformation in the storage unit 1702 through an interface (API) providedby the cache process providing unit 254, the user information havingbeen used for the authentication process. In accordance with this, eachauthentication app 252 can feely select whether to cache informationused for the authentication process in the storage unit 1702.

While the present invention is described with reference to specificexamples and variations, each example or variation is used only forillustrative purposes. Those skilled in the art will understand varioustypes of variations, modifications, alternatives, and replacements.While the devices according to examples of the present invention aredescribed using functional block diagrams for convenience sake, suchdevices may be implemented by hardware, software, or a combinationthereof. The present invention is not limited to the above-mentionedexamples and various types of variations, modifications, alternatives,and replacements are included without departing from the scope of thepresent invention.

The present invention is not limited to the specifically disclosedembodiments, but various variations and modifications may be madewithout departing from the scope of the present invention.

The present application is based on and claims the benefit of prioritiesof Japanese Priority Patent Application No. 2014-261712 filed on Dec.25, 2014 and Japanese Priority Patent Application No. 2015-242835 filedon Dec. 14, 2015 the entire contents of which are hereby incorporated byreference.

REFERENCE SIGNS LIST

-   -   1 information processing system    -   10 main body (first information processing device, execution        unit)    -   11, 21 CPU    -   12, 22 ROM    -   13, 23 RAM    -   14 HDD    -   15, 25 communication I/F    -   16, 26 connection I/F    -   17 engine unit    -   18, 29 system bus    -   20 operation unit (second information processing device)    -   24 flash memory    -   27 operation panel    -   28 external connection I/F    -   30 network    -   31 card reader/writer (user identification information obtaining        unit)    -   32 communication path    -   100 composite device (image processing apparatus)    -   252 authentication app (program)    -   254 cache process providing unit (first determining unit)    -   256 search process providing unit (second determining unit)    -   258 user information process providing unit (third determining        unit)    -   260 authentication process unit (predetermined process unit)    -   262 user information process unit    -   300 IC card    -   400 authentication server (server device)    -   1701 external server    -   1702 storage unit

The invention claimed is:
 1. An information processing system comprising: a first storage that stores user information about one or more users of the information processing system; a second storage; and a processor that is configured to provide an Application Programming Interface (API) for allowing an application program to request caching of the user information in the second storage, and determine whether to store, in the second storage, user information used in the application program, depending on whether the application program requests the caching of the used user information by use of the Application Programming Interface (API); obtain the used user information from the first storage and store the used user information in the second storage if the processor determines that the used user information is to be stored in the second storage; determine whether to perform a specified process using the used user information in the second storage, depending on whether the application program requests the performing of the specified process; and perform the specified process using the used user information in the second storage if the processor determines that the specified process is to be performed, wherein if the processor cannot perform the specified process using the used user information stored in the second storage, the processor performs the specified process using the user information about one or more users stored in the first storage.
 2. The information processing system as claimed in claim 1, wherein the processor is further configured to obtain user identification information to identify one of the one or more users that is to use the information processing system, wherein the processor searches the used user information stored in the second storage and permits the one of the one or more users to use the information processing system if the used user information includes the user identification information.
 3. An image processing apparatus comprising: a first information processing device; and a second information processing device in communication with the first information processing device, wherein the second information processing device includes a storage, and a processor that is configured to provide an Application Programming Interface (API) for allowing an application program to request caching of, in the storage, user information about one or more users of the image processing apparatus, the user information being stored in one or more external devices, and determine whether to store, in the storage, user information used in the application program, depending on whether the application program requests the caching of the used user information by use of the Application Programming Interface (API), and obtain the used user information from the one or more external devices and store the used user information in the storage if the processor determines that the used user information is to be stored in the storage, wherein the storage of the second information processing device includes a volatile storage, wherein the first information processing device includes a nonvolatile storage that stores the used user information to be stored in the volatile storage, and wherein when the image processing apparatus is powered on, the processor obtains the used user information stored in the nonvolatile storage from the first image processing device and stores the used user information in the storage.
 4. The image processing apparatus as claimed in claim 3, wherein one of the one or more external devices includes a server device connected to the image processing apparatus via a network.
 5. The image processing apparatus as claimed in claim 3, wherein the application program authenticates one of the one or more users of the image processing apparatus, and the processor provides an interface for the application program to store the used user information in the storage.
 6. The image processing apparatus as claimed in claim 3, wherein the application program uses the used user information, the used user information being stored in the storage, to authenticate one of the one or more users that is to use the image information apparatus.
 7. The image processing apparatus as claimed in claim 6, wherein if the application program fails to authenticate the one of the one or more users using the used user information stored in the storage, the application program uses the user information about the one or more users, the user information being stored in the one or more external devices, to authenticate the one of the one or more users that is to use the image information apparatus.
 8. An information processing method performed by an information processing system including a first storage that stores user information about one or more users of the information processing system: a second storage; and a processor, the information processing method comprising: by the processor, providing an Application Programming Interface (API) for allowing an application program to request caching of the user information in the second storage, and determining whether to store, in the second storage, user information used in the application program, depending on whether the application program requests the caching of the used user information by use of the Application Programming Interface (API); by processor, obtaining the used user information from the first storage and storing the used user information in the second storage if the processor determines that the used user information is to be stored in the second storage; by the processor, determining whether to perform a specified process using the used user information in the second storage, depending on whether the application program requests the performing of the specified process; and by the processor, performing the specified process using the used user information in the second storage if the processor determines that the specified process is to be performed, wherein if the specified process using the used user information stored in the second storage cannot be performed, the specified process is performed by the processor using the user information about one or more users stored in the first storage. 